FBI held onto REvil decryptor for weeks before sharing with victims

By Mayank Sharma
published

The needs of many outweigh the needs of the few, reason agency sources

ID theft
(Image credit: Future)
Audio player loading…

In a strange turn of event, it has emerged that the FBI had managed to get hold of REvil’s universal ransomware (opens in new tab) decryptor key three weeks before sharing it with victims.

Although the agency has not officially confirmed the claims, an anonymous source told the Washington Post (WP) that the FBI withheld the keys so as to not tip off REvil. 

“The questions we ask each time are: What would be the value of a key if disclosed? How many victims are there? Who could be helped? And on the flip side, what would be the value of a potential longer-term operation in disrupting an ecosystem? Those are the questions we will continue to have to balance,” reasoned the unnamed source. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

It appears the FBI was gearing to launch a campaign to take down the notorious ransomware. However, before the agency could make a move, REvil pulled the plug (opens in new tab) on its operations on its own accord.

My precious

The reports come after cybersecurity (opens in new tab) firm Bitdefender (opens in new tab) recently released a universal decryptor (opens in new tab) for REvil victims, claiming to have made it together with a “trusted law enforcement partner” that it failed to identify.

Interestingly, the existence of a universal decryptor was first shared by a REvil representative, after the gang suddenly decided to get back into action (opens in new tab) after staying offline for nearly two months.

“One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine,” wrote REvil’s new representative in the Russian-post translated (opens in new tab) by security researchers at Flashpoint.

Flashpoint researchers have observed REvil trying to rebuild its reputation with former collaborators, who weren’t pleased with their sudden disappearance, prompting security researchers to urge clients to brace (opens in new tab) for a new round of REvil attacks.

VIa Washington Post (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

See more Computing news